Earlier this month we announced a release of the platform version (2.2) which brings you many new features and functions. One added functionality is the ability to access your containers via SSH. Today, we’d like to provide a general overview of this feature.
SSH (Secure Shell) is a protocol used to connect securely to a remote container and execute the required commands on it. SSH commands are encrypted and secure: client/server connection is authenticated using a digital certificate, and passwords are protected by being encrypted.
To make SSH access available in the platform, a new infrastructure component was added to the core - SSH Gateway. SSH Gateway accepts users’ connections from the internet and then transmits these connections to the desired container, using an internal network.
The authentication procedure in SSH Gateway is divided into two independent parts:
- connection from end user to Gateway (external authentication)
- connection from Gateway to users’ container (internal authentication)
Both parts of the authentication procedure are based on a standard SSH protocol, using public/private keypairs.
With SSH Gateway, you can easily access:
- the whole account where you can navigate across your environments and containers using an interactive menu without extra authentication
- separate containers directly while working with them remotely via additional tools (e.g. Capistrano) or using SFTP and FISH protocols
While accessing containers via SSH, a user receives all required permissions and additionally can manage the main services with sudo commands of the following kind (and others):
sudo /etc/init.d/jetty start
sudo /etc/init.d/mysql stop
sudo /etc/init.d/tomcat restart
sudo /etc/init.d/memcached status
sudo /etc/init.d/mongod reload
sudo /etc/init.d/nginx upgrade
sudo /etc/init.d/httpd help
In addition, we provide support of SFTP (Secure File Transfer Protocol) by implementing the threaded daemon for SFTP connections processing. It lets you access, manage and transfer files directly to the container via SSH gateway, and in such a way, ensures data security.
An additional secure network protocol is FISH (Files transferred over Shell protocol). It is supported by a number of popular FTP-clients and file managers (e.g. Midnight Commander, Konqueror, lftp, Krusader, etc) and permits a user to securely access and manage a container’s file system.
Below we’ll describe how to:
Generate SSH Key
The steps of SSH key generation depends on the system you use:
Generate a new SSH key (the RSA type is required) using the ssh_keygen tool:
1. Initiate generation with the following command:
$ ssh-keygen -t rsa
2. You can view the value of both public and private SSH keys with the cat command (the exact location is circled in the image above). For example:
$ cat /home/jelastic/.ssh/id_rsa.pub
3. Copy the generated SSH key.
1. Download and run an SSH keygen tool, for example, PuTTYgen:
2. Specify the following parameters:
- choose SSH-2 RSA key type
- enter the desired number of bits (e.g. 2048)
3. Copy the generated key from the output field at the top of the window.
Add SSH Key
Now, you can add the generated SSH key to your account.
1. Open the platform dashboard and navigate to the upper toolbar.
Click the Settings button.
2. In the opened User Settings tab, navigate to an SSH Keys > Public Keys section.
3. Click the Add Public Key button and paste the previously generated key to the required Key field. The Name field will be automatically populated if your key already contains this value.
4. As a result, the added SSH key will appear in the list.
In this way, you can add several keys or delete any if they are unnecessary.
SSH Access to Platform Account
Now let’s see how you can access your platform account with all of its environments and containers via SSH.
Open the dashboard and navigate to the upper toolbar.
Click the Settings button.
In the opened User Settings tab, navigate to an SSH Keys > SSH Connection section.
Here, you can see information required for accessing an account, including an SSH connection string (circled in the image below).
Depending on your OS, you need to perform the following steps:
Open your terminal and execute the SSH connection string.
Download and run your SSH client (PuTTY as an example).
Navigate to the Session tab in the left-hand list and fill in the Host Name (or IP address) and Port fields in accordance with your SSH connection string.
1. Once connected, you will see a list of environment groups (with a number of containers within provided in brackets) and ungrouped environments available for your account. Select the required point by entering the appropriate number.
2. After selecting an environment, you’ll see a full list of its containers, which are grouped by layers. Herewith, the master node (required for clustering, scaling, cloning, etc) is designated with the [M] mark.
Direct SSH Access to Container
You can also "jump" directly to the necessary container, skipping the steps of choosing an appropriate environment and node. Just state the appropriate container ID (can be seen at the dashboard next to the corresponding node) at the beginning of the connection string.
For example, in order to access the Tomcat container, which is shown in the image above, you should add the 36864- prefix to the default account connection string in the following way:
ssh firstname.lastname@example.org -p 3022
Such a possibility can be useful for automatization scripts or for setting up application configurations.
We hope that this information will be useful for those of you who would like to delve deeper into the advanced features of the platform. More details can be found in our additional documentation. In our next publication, we will provide you with details on SFTP and FISH protocols for accessing containers via SSH. Stay tuned and remember that with us you always get more!